[OpenIndiana-discuss] ipfilter frustrations again

Daniel Kjar dkjar at elmira.edu
Wed Jul 18 15:11:26 UTC 2012


hmmm

Think I found it...  maybe.   I made sure ipfilter was down and did the

   svcadm refresh ipfilter:default

then started ipfilter.  Now it is golden.  Time to write myself some notes...




On 07/18/12 09:58 AM, Michael Stapleton wrote:
> A look at the service script might help isolate the problem
>
> more /lib/svc/method/ipfilter
>
> There are some interesting comments in it that might be related.
>
> Mike
>
> On Wed, 2012-07-18 at 09:34 -0400, Daniel Kjar wrote:
>
>> Yes, and that does it but then I have to go in and remove all the quick
>> statements that it automagically generates.
>>
>> What I don't understand is when I check the settings, everything looks
>> right..
>>
>> # svccfg -s ipfilter:default listprop firewall_config_default/policy
>> firewall_config_default/policy  astring  custom
>>
>> # svccfg -s ipfilter:default listprop firewall_config_default/custom_policy_file
>> firewall_config_default/custom_policy_file  astring  /etc/ipf/ipf.conf
>>
>> but....
>>
>> I get this
>>
>> [root at bio2:~]>ipfstat -i
>> pass in log quick proto tcp from any to any port = 45139 flags S/FSRPAU
>> keep state
>> pass in log quick proto tcp from any to any port = lockd flags S/FSRPAU
>> keep state
>> pass in log quick proto udp from any to any port = lockd
>> pass in log quick proto tcp from any to any port = 59045 flags S/F
>>
>> If I force it I get that plus my ipf.conf file and if I reboot I lose
>> the changes to the properties of the ipfilter svc crap.  As I said this
>> is on a brand spanking new and clean unaltered 151a5 installation.  This
>> is a x2200m2 not that it matters.
>>
>>
>> On 07/18/12 09:16 AM, Lou Picciano wrote:
>>> Daniel,
>>>
>>>
>>> Yes, have found ipfilter to be quite fiddly... Have you tried to manually reload the filter rules with something like:
>>> ipf -f /path/to/ipf.conf ? (or, similarly: ipnat -f (etc) ???
>>>
>>>
>>> Lou Picciano
>>>
>>> ----- Original Message -----
>>> From: "Daniel Kjar" <dkjar at elmira.edu>
>>> To: "Discussion list for OpenIndiana" <openindiana-discuss at openindiana.org>
>>> Sent: Wednesday, July 18, 2012 8:37:00 AM
>>> Subject: [OpenIndiana-discuss] ipfilter frustrations again
>>>
>>> How do you 'correctly' modify the ipfilter settings with this new
>>> 'ignore /etc/ipf/ipf.conf' set up in OI? I tried
>>> following the directions on
>>>
>>> http://hub.opensolaris.org/bin/view/Community+Group+on/2009022302
>>>
>>> but nothing changes. This is on a fresh 151a5 install. How is a person supposed to do this without using a customized ipf.conf file? Is there a gui?
>>>
>>> I can't get the damn thing to look at etc/ipf/ipf.conf and I modified the new default custom location /somewhere/incomprehensible/ipf.conf and that does nothing either.
>>>
>>>
>
>
>

-- 
Dr. Daniel Kjar
Assistant Professor of Biology
Division of Mathematics and Natural Sciences
Elmira College
1 Park Place
Elmira, NY 14901
607-735-1826
http://faculty.elmira.edu/dkjar

"...humans send their young men to war; ants send their old ladies"
	-E. O. Wilson
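
Added example, not part of the original thread: SMF keeps property edits made with svccfg apart from the running snapshot the service reads until `svcadm refresh` is run, so this script compares the two views for the two properties quoted above and reports any that are still pending. The function names are hypothetical, and it assumes `svcprop -p` reads the running snapshot while `svcprop -c -p` reads the current (edited) values.

```shell
#!/bin/sh
# Added example (not from the thread): report ipfilter SMF properties whose
# edited value has not yet reached the running snapshot.
FMRI=${FMRI:-ipfilter:default}
PROPS="firewall_config_default/policy firewall_config_default/custom_policy_file"

# Print one line per property that differs between the two views.
# Returns 0 when the views agree, 1 when a refresh is still pending.
ipf_pending_props() {
    pending=0
    for p in $PROPS; do
        running=$(svcprop -p "$p" "$FMRI" 2>/dev/null)     # running snapshot
        edited=$(svcprop -c -p "$p" "$FMRI" 2>/dev/null)   # current (edited) values
        if [ "$running" != "$edited" ]; then
            printf '%s: running=%s edited=%s\n' \
                "$p" "${running:-<unset>}" "${edited:-<unset>}"
            pending=1
        fi
    done
    return $pending
}

# Return 0 only when the running snapshot selects the custom policy
# and points at the rules file given as $1.
ipf_running_uses() {
    [ "$(svcprop -p firewall_config_default/policy "$FMRI" 2>/dev/null)" = custom ] &&
    [ "$(svcprop -p firewall_config_default/custom_policy_file "$FMRI" 2>/dev/null)" = "$1" ]
}

# Only run the check on a host that actually has SMF.
if command -v svcprop >/dev/null 2>&1; then
    if ipf_pending_props; then
        echo "running snapshot matches the edited properties"
    else
        echo "refresh pending: svcadm refresh $FMRI"
    fi
fi
```

Once the check is clean, `ipfstat -i` (used earlier in the thread) shows what the kernel actually loaded.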
